A large-scale cyber attack with ransomware is currently taking place in Europe, having hit hundreds of businesses and other organizations, including banks, construction and other industries, such as Boryspil Airport in Kiev. In Ukraine, have been recorded several pollution incidents, a "hit" also took place against the country's electricity provider, Ukrenego - which left 230,000 people in the country without electricity for about six hours!
Incidents are also reported in the Netherlands, and Maersk shipping company having confirmed that several of their online infrastructures have been shut down. Similar announcements were made by Rosnoft, an oil company in Russia.
According to a Kaspersky Lab researcher, the attack is based on the Petwrap malicious software, a variant of the Petya ransomware, which was discovered last March. What makes the situation extremely worrying is that so far it is not clear how exactly the infection is transmitted. It is, however, not possible to rely on the known exploit, like WannaCry, which exploits vulnerability of the SMB protocol that has not been patched.
The creators of ransomware have not been identified, but their goal is to collect ransom to "free" infected systems. They require from each victim, the amount of $ 300.
The following actions are proposed:
- User aware not to open attachments from unknown senders
- Update the antivirus
- Update the Intrusion Prevention System
Our analysts are already alert and monitor any suspicious activity.